[DPE - 6153] - Propagate the security index intitialized through the peercluster relation

lib/charms/opensearch/v0/models.py

@@ -326,6 +326,7 @@ class PeerClusterRelData(Model):
     cm_nodes: List[Node]
     credentials: PeerClusterRelDataCredentials
     deployment_desc: Optional[DeploymentDescription]
+    security_index_initialised: bool = False
 
 
 class PeerClusterRelErrorData(Model):

lib/charms/opensearch/v0/opensearch_base_charm.py

@@ -1074,7 +1074,8 @@ def _post_start_init(self, event: _StartOpenSearch):  # noqa: C901
             admin_secrets = self.secrets.get_object(Scope.APP, CertType.APP_ADMIN.val)
             try:
                 self._initialize_security_index(admin_secrets)
-                self.peers_data.put(Scope.APP, "security_index_initialised", True)
+                self.put_security_index_initialized(event)
+
             except OpenSearchCmdError as e:
                 logger.debug(f"Error when initializing the security index: {e.out}")
                 event.defer()
@@ -1721,6 +1722,15 @@ def handle_joining_data_node(self) -> None:
         else:
             self._start_opensearch_event.emit(ignore_lock=True)
 
+    def put_security_index_initialized(self, event: EventBase) -> None:
+        """Set the security index initialized flag."""
+        self.peers_data.put(Scope.APP, "security_index_initialised", True)
+        if self.opensearch_peer_cm.deployment_desc().typ == DeploymentType.MAIN_ORCHESTRATOR:
+            self.peer_cluster_provider.refresh_relation_data(event)
+        else:
+            # notify the main orchestrator that the security index is initialized
+            self.peer_cluster_requirer.set_security_index_initialised()
+
     @property
     def unit_ip(self) -> str:
         """IP address of the current unit."""

lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py

@@ -160,6 +160,9 @@ def _on_peer_cluster_relation_changed(self, event: RelationChangedEvent):
         if not (data := event.relation.data.get(event.app)):
             return
 
+        if self._get_security_index_initialised():
+            self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
+
         # get list of relations with this orchestrator
         target_relation_ids = [
             rel.id for rel in self.charm.model.relations[self.relation_name] if len(rel.units) > 0
@@ -418,6 +421,7 @@ def _rel_data(
                     s3=self._s3_credentials(deployment_desc),
                 ),
                 deployment_desc=deployment_desc,
+                security_index_initialised=self._get_security_index_initialised(),
             )
         except OpenSearchHttpError:
             return PeerClusterRelErrorData(
@@ -519,6 +523,22 @@ def _fetch_local_cm_nodes(self, deployment_desc: DeploymentDescription) -> List[
             if node.is_cm_eligible() and node.app.id == deployment_desc.app.id
         ]
 
+    def _get_security_index_initialised(self) -> bool:
+        """Check if the security index is initialised."""
+        if self.charm.peers_data.get(Scope.APP, "security_index_initialised", False):
+            return True
+
+        # check all other clusters if they have initialised the security index
+        all_relation_ids = [
+            rel.id for rel in self.charm.model.relations[self.relation_name] if len(rel.units) > 0
+        ]
+
+        for rel_id in all_relation_ids:
+            if self.get_from_rel("security_index_initialised", rel_id=rel_id, remote_app=True):
+                return True
+
+        return False
+
 
 class OpenSearchPeerClusterRequirer(OpenSearchPeerClusterRelation):
     """Peer cluster relation requirer class."""
@@ -598,6 +618,9 @@ def _on_peer_cluster_relation_changed(self, event: RelationChangedEvent):  # noq
         # register main and failover cm app names if any
         self.charm.peers_data.put_object(Scope.APP, "orchestrators", orchestrators.to_dict())
 
+        if data.security_index_initialised:
+            self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
+
         # let the charm know this is an already bootstrapped cluster
         self.charm.peers_data.put(Scope.APP, "bootstrapped", True)
 
@@ -643,8 +666,6 @@ def _set_security_conf(self, data: PeerClusterRelData) -> None:
         )
 
         self.charm.peers_data.put(Scope.APP, "admin_user_initialized", True)
-        if self.charm.alt_hosts:
-            self.charm.peers_data.put(Scope.APP, "security_index_initialised", True)
 
         if s3_creds := data.credentials.s3:
             self.charm.secrets.put_object(Scope.APP, "s3-creds", s3_creds.to_dict(by_alias=True))
@@ -680,6 +701,21 @@ def _orchestrators(
 
         return PeerClusterOrchestrators.from_dict(local_orchestrators)
 
+    def set_security_index_initialised(self) -> None:
+        """Set the security index as initialised."""
+        # get the MAIN orchestrator
+        orchestrators = PeerClusterOrchestrators.from_dict(
+            self.charm.peers_data.get_object(Scope.APP, "orchestrators") or {}
+        )
+
+        if not orchestrators:
+            return
+
+        # set the security index as initialised in the unit data bag with the main orchestrator
+        self.put_in_rel(
+            data={"security_index_initialised": "true"}, rel_id=orchestrators.main_rel_id
+        )
+
     def _put_current_app(
         self, event: RelationEvent, deployment_desc: DeploymentDescription
     ) -> None: